<?php
/********************************************************************/
/* Programmer: Scott Gildersleeve                 					*/
/*       Date: 2/1/2013                           					*/
/*  Page Name: login.php                           					*/
/*                                                					*/
/********************************************************************/

/********************************************************************/
/* PHP Login System                               					*/
/*                                                					*/
/********************************************************************/

/********************************************************************/
/*   Date        Reviser       Revision           					*/
/* --------     ---------     ----------          					*/
/* 2/4/13       S. Gilder     Integration with    					*/
/*                            FirstPage.html      					*/
/* 2/9/13       D. Widjaya    Change redirect page to main.php      */
/* 2/9/13       S. Gilder     Added avatar to session variable      */
/*                                                					*/
/********************************************************************/
   
   /* FUNCTIONS */
   require_once("functions.php");
   require_once('PasswordHash.php');
   require_once('webservices.php');
   
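   /**
    * Handles a login attempt posted from FirstPage.
    *
    * Reads 'UserName' and 'Password' from the request, looks the account up
    * by e-mail in cs_authentication and, when the password verifies, stores
    * userid, avatar and powerId in the session and redirects to main.php.
    * Failures redirect to FirstPage.php with field=invEml (no such account)
    * or field=invPsd (wrong password). Does nothing when check_login()
    * reports that the visitor is already logged in.
    *
    * NOTE(review): the two distinct failure codes tell an unauthenticated
    * caller whether an e-mail address is registered. Collapsing them needs a
    * matching change in FirstPage.php, which is not visible from here.
    * NOTE(review): $_REQUEST also accepts credentials from the query string,
    * where they end up in logs and browser history; switch to $_POST once the
    * form's method is confirmed.
    *
    * @return void
    */
   function main()
   {
      /* FALL THROUGH CODE */
      if (check_login()) // In functions.php. Checks to see if all of the required session information is stored.
      {
         return;
      }

      session_start();

      /* VARIABLES */
      // Read the credentials without '@' suppression. A missing value becomes ''
      // (as before); a non-string value (e.g. UserName[]=x) is rejected up front
      // instead of reaching strtolower()/md5().
      $email    = isset($_REQUEST['UserName']) ? $_REQUEST['UserName'] : "";
      $password = isset($_REQUEST['Password']) ? $_REQUEST['Password'] : "";
      if (!is_string($email) || !is_string($password))
      {
         header("Location: FirstPage.php?field=invEml");
         return;
      }
      $email = strtolower($email);

      $database = mysqli_connect($GLOBALS['SERVER_ADDRESS'], $GLOBALS['SERVER_USERNAME'], $GLOBALS['SERVER_PASSWORD'], 'cs414');
      if (!$database)
      {
         // Previously a failed connection led to a fatal error on prepare().
         http_response_code(500);
         return;
      }

      $stmt = $database->prepare("SELECT salt_hash, user_id, avatar, power_id FROM cs_authentication where email = ?;");
      if (!$stmt)
      {
         mysqli_close($database);
         http_response_code(500);
         return;
      }

      $stmt->bind_param("s", $email);
      $stmt->execute();
      // Result columns are bound after execute(), as the mysqli manual requires.
      $stmt->bind_result($fetchedPassword, $fetchedUserID, $fetchedAvatar, $fetchedPowerId);
      $userFound = ($stmt->fetch() === true); // Checks if there's a user with the email provided

      // Release the statement and connection on every path, not only on success.
      $stmt->close();
      mysqli_close($database);

      if (!$userFound)
      {
         header("Location: FirstPage.php?field=invEml");
         return;
      }

      // Legacy accounts store an unsalted md5/sha1 chain. Compare it with
      // hash_equals(): loose '==' treats two numeric-looking digests ("0e...")
      // as equal numbers, and it is not constant-time.
      // NOTE(review): the md5 chain is kept only so existing accounts can log in;
      // such rows should be re-hashed with the PasswordHash.php scheme on a
      // successful login and the legacy branch retired.
      $legacyDigest = md5(sha1(md5(md5($password))));
      $legacyMatch  = hash_equals((string) $fetchedPassword, $legacyDigest);

      if ($legacyMatch || validate_password($password, $fetchedPassword)) // Checks if the passwords match up
      {
         // Issue a fresh session id at the privilege change so an id that was
         // set before authentication cannot be carried into the logged-in session.
         session_regenerate_id(true);

         $_SESSION['userid']  = $fetchedUserID;
         $_SESSION['avatar']  = $fetchedAvatar;
         $_SESSION['powerId'] = $fetchedPowerId;
         // Any further per-user data needed in the session (e.g. a faculty flag)
         // should be added to the SELECT above and assigned here.
         header("Location: main.php");
         return;
      }

      header("Location: FirstPage.php?field=invPsd");
   }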
    
    // Run the login handler only when the backtrace is empty, i.e. this file
    // is executing at top level rather than from inside a call or an include.
    if (count(debug_backtrace()) === 0)
    {
        main();
    }
?>